A comprehensive survey of AI-enabled phishing attacks detection techniques

  • PDF / 1,375,835 Bytes
  • 16 Pages / 595.276 x 790.866 pts Page_size
  • 56 Downloads / 242 Views

DOWNLOAD

REPORT


A comprehensive survey of AI-enabled phishing attacks detection techniques Abdul Basit1 · Maham Zafar1 · Xuan Liu2

· Abdul Rehman Javed3 · Zunera Jalil3 · Kashif Kifayat3

Accepted: 9 October 2020 © Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract In recent times, a phishing attack has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collects the client’s sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and sends URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents the comparison of different studies detecting the phishing attack for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research direction in this domain. Keywords Phishing attack · Security threats · Advanced phishing techniques · Cyberattack · Internet security · Machine learning · Deep learning · Hybrid learning

Abbreviations SVM Support vector machine RF Random forest

B

Xuan Liu [email protected] Abdul Basit [email protected] Maham Zafar [email protected] Abdul Rehman Javed [email protected] Zunera Jalil [email protected] Kashif Kifayat [email protected]

1

Department of Computer Science, Air University, E-9, Islamabad, Pakistan

2

School of Information Engineering, Yangzhou University, Yangzhou, China

3

Department of Cyber Security, Air University, E-9, Islamabad, Pakistan

IBK ANN RF DT eDRI LR CART XGB GBDT AB NN GBM GLM NB KNN KS LC-ELM ELM RC PCA

Instant base learner Artificial neural network Rotation forest Decision forest Enhanced dynamic rule induction Linear regression Classification and regression tree Extreme gradient boost Gradient boosting decision tree AdaBoost Neural-networks Gradient boosting machine Generalized linear model Navies Bayes K-nearest neighbor K-star Combination extreme learning machine Extreme learning machine Random committee Principle component analysis

123

A. Basit et al.

1 Introduction The process of protecting cyberspace from attacks has come to be known as Cyber Security [16,32,37]. Cyber Security is all about protecting, preventing, and recovering all the resources that use the internet from cyber-attacks [20,38,47]. The complexity in the cybersecurity domain increases daily, which